 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: st: AW: password
Austin & Phil are correct, you don't want to use ZIP passwords because
they are susceptible to AZPR & dictionary-based attacks. (We had to
get into one of our own locked .zip files where the password was
forgotten & it took less than a minute and a half).
GnuPG is a good option, as long as it is installed on all the machines
using it, but I wanted to mention a solution I use with Mac OSX and
its built-in, system encryption tools for those interested. In Mac
OSX, you can create a disk image (.dmg) file that can be encrypted
AES-256 or a sparseimage encrypted AES-256. (The latter can change
its file size when you add new data to it up to the limit you set, the
former is a static disk image size.)
When I need to read/write sensitive data, I use the BSD/terminal
command line utility 'hdiutil' from my do-file to keep the file
encrypted (note: hdiutil replaces the older command hdid). The
limitation of this process is that a .dmg or .sparseimage file cannot
be directly opened in Windows, but the benefit is that it is secure &
does not require installation of an external program.
You could still get these files to a Windows OS by:
1. copying the files from the encrypted disk image to an unencrypted
folder while it is mounted; 2. burning a .cdr or .iso disk image that
is readable by windows. (I've included syntax below to write a disk
image for Windows.) ; 3. you can use a program like Truecrypt to
mount a .dmg file in Windows or GnuPG as suggested previously.
Here's the code I use in my do-files:
*****************
capture !rm -f "/users/username/desktop/image.sparseimage"
// 1. create sparseimage file
!hdiutil create -size 1g -type SPARSE -fs HFS+ -volname Image "/users/
username/desktop/image" -encryption AES-256
**enter a password at the prompt; do not save your password in the
keychain**
// 2. open/mount to sparseimage file
!hdiutil attach "/users/username/desktop/image.sparseimage"
// 3. read/write to sparseimage file
webuse auto
* commands here*
save "/volumes/image/data_new.dta", replace
// 4. close/unmount sparseimage file
!hdiutil detach "/users/username/desktop/image"
// 5. Create a hybrid ISO disk image for Windows/Mac (.iso)
!hdiutil makehybrid -o "/users/username/desktop/imagenew" "/users/
username/desktop/image.sparseimage"
******** Alternatively: Create diskimage for Windows // Burn
Window image to Disc (.cdr) ********
!hdiutil convert "/users/username/desktop/image.sparseimage" -format
UDTO -o "/users/username/desktop/image"
*****************
You can include " -passphrase <pw>" in the -!hdiutil create- and -!
hdiutil attach- commands and put your password in place of <pw> to
avoid having to type it into the dialog box, but it's not advisable to
leave your password lying around in an unprotected do-file.
Note: the .cdr file includes the ISO-9660 file system with the
Joliet extensions (for a CD or volume that you can *mount* in
Windows), but the .iso file created by the -!hdiutil makehybrid-
command works best in Mac OSX and Windows OS because it includes all
the filesystems (the ISO-9660, HFS+, UDF, and the Joliet extensions)
(plus, its compression is better, so the filesize will be much
smaller) . For added security, you can define a security certificate
file in the -!hdiutil- command that requires a certificate, in
addition to the password, for user access.
Eric
__
Eric A. Booth
Public Policy Research Institute
Texas A&M University
[email protected]
Office: +979.845.6754
Fax: +979.845.0249
On May 18, 2009, at 1:43 PM, Visintainer PhD, Paul wrote:
Thanks Austin and Martin.
The question came from our institutional review board who wanted to
know whether our analytic data files are passworded. The example
they gave me was Excel and Access, which can password databases.
Some of the files where data are stored are shared drives. I don't
think that a single password will prevent access, but at least may
deter it. I couldn't find anything from a Stata search, so I didn't
think the capacity existed.
I know there are other ways to deter access (e.g., passwording
folders or assigning individual drives which must be logged into).
We'll have to explore these.
-p
_____________________
Paul F. Visintainer, PhD
Baystate Health System
280 Chestnut Street
Springfield, MA 01199
(T) 413.794.7686
(F) 413.794.7689
[email protected]
-----Original Message-----
From: [email protected] [mailto:[email protected]
] On Behalf Of Austin Nichols
Sent: Monday, May 18, 2009 12:30 PM
To: [email protected]
Subject: Re: st: AW: password
Paul---
But note that zip passwords are not secure. How secure do you need
the data file to be? Who needs access?
You might get what you need from openPGP e.g. http://www.gnupg.org
On Mon, May 18, 2009 at 12:18 PM, Martin Weiss
<[email protected]> wrote:
<>
Never heard of such a facility. (You can verify integrity via -help
datasignature-.) If I had to protect a dta with a password, I would
use an
external zip program and add a password to the zip file. Also, dtas
shrink
considerably when zipped...
HTH
Martin
-----Ursprüngliche Nachricht-----
Von: [email protected]
[mailto:[email protected]] Im Auftrag von
Visintainer
PhD, Paul
Gesendet: Montag, 18. Mai 2009 17:35
An: [email protected]
Betreff: st: password
Does Stata have a capacity for passwording data files?
Thanks.
_____________________
Paul F. Visintainer, PhD
*
*
* For searches and help try:
* http://www.stata.com/help.cgi?search
* http://www.stata.com/support/statalist/faq
* http://www.ats.ucla.edu/stat/stata/